Proactive Risk Management for IT Risk Officers
First and foremost, your charge as the IT Risk Officer for your organization is to ensure constant uptime across all systems. This role is responsible for evaluating overall information technology risk, maintaining an active view, and reporting on the actual, mitigated, and residual risk in the technology organization. If anything goes wrong in IT, you know it’ll be up to you to analyze and report your findings. Broad IT stewardship means there’s direct pressure from upper management to protect the organization, while always staying in budget.
At the same time, you might not have enough visibility into specific systems, and with so much on your plate, there might not always be enough time to devote to mainframe security. But while the mainframe is the most secure computer system, it’s not impenetrable. The same security strategies you use for open systems need to be applied to your mainframes.
How can you proactively mitigate corporate risk across all systems? Partner with efficient, effective security experts to help.
The Truth About Data Breaches
The average cost of a breach to a business
Fortune 500 companies that still use mainframes to perform mission-critical applications
Mainframes host critical core IT for 92 of the top 100 banks
The average time it takes to discover a data breach
446,520,000 records exposed from 1,244 reported data breaches in 2018
Questions to Ask to Determine Gaps
Question 1
Is the mainframe environment a part of your IT Risk Assessment methodology?

Question 2
Does your security team provide you with ongoing reports on the security of your mainframe?
Question 3
Do you have the proper controls, governance, and communication to leadership on all aspects of securing your mainframe environment?


Question 4
Do you have a Mainframe Vulnerability Management Program? If not, what aspects of the mainframe are included in compliance audits?
Question 5
Do you have compliance solutions that utilize the commonalities in all the compliance regulations?
Every law and regulation pertaining to digital privacy has three objectives (confidentiality, integrity, availability) and impacts three IT compliance components: people, process, technology (PPT).


Question 6
It is predicted that by 2020, there will be over 20 billion devices connected to the Internet of Things (IoT), over 44 trillion gigabytes of data in cyberspace, and 1.7 megabytes of new information will be created every second for every human on the planet. Businesses, which account for only 37% of the 500 gigabytes of data produced per minute today, are predicted to spend 57% of a forecasted $2.9 trillion on endpoint security by 2020. Why? Because organizations are still trying to protect their physical networks from being hacked, rather than protecting their information from being breached.
Do you understand why preventing threats from getting in does not protect information from getting out?
Do you understand the best practices for protecting the confidentiality, integrity, and availability of information stored on your mainframe?
Question 7
Are you aware that mainframe code-based vulnerabilities are not ranked in the NIST National Vulnerability Database (NVD)?
Vendors have security patch databases that are reactive, not proactive. Knowing which integrity vulnerabilities have been found and patched requires your organization to take a proactive approach with each software vendor.

Key Resources Can Help
Key Resources, Inc. understands these challenges. We’ve developed a range of products and services to help mainframers in every industry, including financial services, healthcare and government, protect their most valuable IT assets.
Learn more about:
- z/Assure® VAP – the only product that automatically scans for and identifies vulnerabilities in mainframe operating system (OS) code.
- z/Assure® CAM – an automated tool that assesses mainframe security configurations and evaluates compliance.
- Integrity Assessment Services – helps enterprises discover their risk exposure and take steps to protect their business from the types of breaches that lead to financial harm or regulatory violations.